PHP PDO MySQL syntax error

Question

Can you tell me what's wrong with my MySql syntax?

$sql  = "INSERT INTO :submissionTable (project_id) VALUES (:projectId)";
$sql2 = "INSERT INTO ".static::$_mSubmissionTableName." (project_id) 
         VALUES ('".$values[0]."')";

$database = DatabaseFactory::getFactory()->getConnection();
$query = $database->prepare($sql);        
$result = $query->execute(array(
  ':submissionTable' => static::$_mSubmissionTableName, 
  ':projectId' => $values[0]
));

Once I run this with $sql I get this error:

Warning: PDOStatement::execute(): 
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; 
check the manual that corresponds to your MySQL server version for the right syntax to use near 
''submission' (project_id) VALUES ('1')' at line 1 in /app/model/ProjectModel.php on line 54

If I run the query with $sql2 and without parameters it executes and inserts desired values. What's wrong with the $sql query?

hakki · Accepted Answer · 2015-11-20T15:10:56.403

2

http://us3.php.net/manual/en/book.pdo.php#69304

Please note this:

Won't work: $sth = $dbh->prepare('SELECT name, colour, calories FROM ? WHERE calories < ?');

THIS WORKS! $sth = $dbh->prepare('SELECT name, colour, calories FROM fruit WHERE calories < ?');

The parameter cannot be applied on table names!!

As you see on this comment, you can not replace table or column names with parameters in PDO.

But you can use variables to fill your table name or column names like

select * from $table where $column_name = "bla bla"

edited Nov 20 '15 at 15:10

answered Nov 20 '15 at 15:05

hakki

6,181
6
62
106

Thanks all. That was it . – Alan Nov 20 '15 at 15:06

PHP PDO MySQL syntax error

1 Answers1